SHA256: e2ecec43da974db02f624ecadc94baf1d21fd1a5c4990c15863bb9929f781a0a
File name: igfxtrayex.exe
Detection ratio: 59 / 71
Analysis date: 2019-05-17 23:44:21 UTC (1 week ago)
Antivirus Result Update
Ad-Aware Trojan.NukeSped.B 20190517
AegisLab Trojan.Win32.DestoverServ.m!c 20190517
AhnLab-V3 Trojan/Win32.Destroyer.R127288 20190517
Alibaba Backdoor:Win32/DestoverServ.713ea375 20190513
ALYac Backdoor.Destover.A 20190517
Antiy-AVL Trojan/Win32.Destover 20190517
APEX Malicious 20190517
Arcabit Trojan.NukeSped.B 20190518
Avast Win32:Destover-A [Trj] 20190517
AVG Win32:Destover-A [Trj] 20190517
Avira (no cloud) HEUR/AGEN.1013607 20190518
BitDefender Trojan.NukeSped.B 20190517
CAT-QuickHeal Trojan.NukeSped.EM4 20190517
ClamAV Win.Trojan.Wiper-1 20190517
Comodo Malware@#143qx9t0a56m 20190517
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.80d758 20190417
Cylance Unsafe 20190518
Cyren W32/Trojan.AWHZ-7137 20190517
DrWeb Trojan.KillFiles.17829 20190517
Emsisoft Trojan.NukeSped.B (B) 20190517
Endgame malicious (high confidence) 20190403
ESET-NOD32 Win32/NukeSped.A 20190517
F-Prot W32/Wiper.B 20190517
F-Secure Heuristic.HEUR/AGEN.1013607 20190518
FireEye Generic.mg.760c35a80d758f03 20190517
Fortinet W32/Wiper.SNAT!tr 20190517
GData Trojan.NukeSped.B 20190517
Ikarus Trojan-Spy.Netver 20190517
Sophos ML heuristic 20190313
Jiangmin Trojan/Destover.d 20190518
K7AntiVirus Riskware ( 0040eff71 ) 20190517
K7GW Riskware ( 0040eff71 ) 20190517
Kaspersky Backdoor.Win32.DestoverServ.a 20190517
MAX malware (ai score=100) 20190518
McAfee Trojan-Wiper 20190517
McAfee-GW-Edition BehavesLike.Win32.PWSOnlineGames.dc 20190517
Microsoft Backdoor:Win32/Escad.AB!dha 20190518
eScan Trojan.NukeSped.B 20190517
NANO-Antivirus Trojan.Win32.Destover.dknhuh 20190517
Palo Alto Networks (Known Signatures) generic.ml 20190518
Panda Trj/CI.A 20190517
Qihoo-360 Trojan.Generic 20190518
Rising Backdoor.Escad!8.18BD (CLOUD) 20190517
SentinelOne (Static ML) DFI - Malicious PE 20190511
Sophos AV Troj/Destover-B 20190517
Symantec Backdoor.Destover 20190517
TACHYON Trojan/W32.Destover.249856 20190517
Tencent Win32.Trojan.Agent.Ts 20190518
TheHacker Trojan/NukeSped.a 20190516
TotalDefense Win32/Tnega.XAWY!suspicious 20190517
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall BKDR_WIPALL.B 20190517
VBA32 Trojan.Destover 20190517
VIPRE Trojan.Win32.Generic!BT 20190517
ViRobot Trojan.Win32.Wiper.249856 20190517
Webroot Backdoor.Destover 20190518
Zillya Trojan.Destover.Win32.2 20190517
ZoneAlarm by Check Point Backdoor.Win32.DestoverServ.a 20190517
Acronis 20190517
Avast-Mobile 20190517
Babable 20190424
Baidu 20190318
Bkav 20190517
CMC 20190321
eGambit 20190518
Kingsoft 20190518
Malwarebytes 20190517
SUPERAntiSpyware 20190514
Symantec Mobile Insight 20190516
TrendMicro 20190517
Trustlook 20190518
Zoner 20190517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-24 04:11:08
Entry Point 0x00004132
Number of sections 4
PE sections
PE imports
CloseServiceHandle
ChangeServiceConfig2W
StartServiceW
OpenProcessToken
SetServiceStatus
QueryServiceStatus
RegisterServiceCtrlHandlerW
OpenSCManagerW
StartServiceCtrlDispatcherW
OpenServiceW
AdjustTokenPrivileges
ControlService
StartServiceA
LookupPrivilegeValueW
DeleteService
OpenSCManagerA
CreateServiceW
GetStdHandle
GetDriveTypeW
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
DeviceIoControl
GetEnvironmentVariableA
CopyFileW
GetModuleFileNameW
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
GetDiskFreeSpaceExW
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
DeleteFileW
GetProcAddress
CompareStringW
FindNextFileW
GetCurrentThreadId
CompareStringA
GetComputerNameA
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
VirtualFree
SizeofResource
WideCharToMultiByte
GetCommandLineA
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
CreateProcessA
HeapCreate
GetTempPathW
CreateProcessW
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
SHGetSpecialFolderPathW
PathFindExtensionW
GetClientRect
EndPaint
UpdateWindow
RegisterClassExW
EndDialog
BeginPaint
TranslateMessage
DialogBoxParamW
DefWindowProcW
LoadStringW
LoadCursorW
CreateWindowExW
LoadAcceleratorsW
GetMessageW
PostQuitMessage
ShowWindow
DrawTextW
DestroyWindow
ExitWindowsEx
DispatchMessageW
TranslateAcceleratorW
setsockopt
socket
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
connect
shutdown
htons
closesocket
select
Number of PE resources by type
ICON_PACKAGES 3
RT_ACCELERATOR 1
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
Number of PE resources by language
KOREAN 4
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:24 05:11:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49152
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 208896
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4132
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 760c35a80d758f032d02cf4db12d3e55
SHA1 1c66e67a8531e3ff1c64ae57e6edfde7bef2352d
SHA256 e2ecec43da974db02f624ecadc94baf1d21fd1a5c4990c15863bb9929f781a0a
ssdeep 6144:NEZMK23QmooomscTEhVH5MBoxOtA8SL0/pi:5p3QmZomsJooH880o

authentihash d04ec2846a84fd498aba122fe9245d07e4e2455b3b2f270a78e0e2f609c7f75f
imphash bcfdbeec0dd613a17bd97cb8d9446949
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2014-12-03 14:11:51 UTC (4 years, 5 months ago)
Last submission 2018-06-20 20:26:24 UTC (11 months, 1 week ago)
File names taskhostye.exe
e2ecec43da974db02f624ecadc94baf1d21fd1a5c4990c15863bb9929f781a0a.wwb
Win32.Destover.c
23651621.malware
23439692.malware
23494870.malware
igfxtrayex.exe
23670454.malware
igfxtrayex.exe
vti-rescan
taskhostcg.exe
23431010.malware
taskhostld.exe
1c66e67a8531e3ff1c64ae57e6edfde7bef2352d
sony
760c35a80d758f032d02cf4db12d3e55
taskhostvs.exe
760c35a80d758f032d02cf4db12d3e55
23503168.malware
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs